safe harbour

Jim Brunsden

Welcome to Monday’s edition of our new Brussels Briefing. To receive it every morning in your email in-box, sign up here.

It’s been a rough few months for US tech giants doing business in Europe. Apple is fighting a rearguard action to prevent EU competition authorities from ordering it to pay billions of back taxes to Ireland; Google has been accused by Brussels of abusing its dominant position in internet searching; and Facebook has faced a series of legal setbacks over its data privacy policies. Unless EU and US negotiators can sew up a deal in the next 24 hours, add another item to that litany: the disappearance of the legal agreement that has allowed tech groups to seamlessly move data on customers back and forth across the Atlantic.

In reality, that legal structure disappeared four months ago, when the European Court of Justice struck it down following disclosures by former US intelligence contractor Edward Snowden that, the court ruled, meant the US wasn’t living up to its side of the “safe harbour” agreement — which is based on the assumption that privacy practices are relatively the same in both jurisdictions. But while the ECJ ruling came in October, European data protection agencies decided to give EU and US authorities to the end of January to strike a new “safe harbour” deal. In the interim, companies that regularly transfer personal data — be it payroll information or your latest posts on Facebook — were left in a legal limbo. They were not quite sure if their alternative measures would would suffer the same legal fate as safe harbour.

European Commission and US Commerce department negotiators spent most of a drizzly Sunday in Brussels attempting to strike a deal, but here we are on February 1 and none has been reached. Although the deadline has officially passed, negotiators can actually use today for one last push.Europe’s national data privacy authorities (DPAs) won’t meet until tomorrow to decide on their next steps. But absent a “safe harbour” deal, this meeting could trigger hunting season for the more adventurous DPAs, who will look to the US West Coast for some big game. Read more

James Fontanella-Khan

Demonstrators in Berlin protest against alleged US spying activities in July.

In today’s dead-tree edition of the FT, we report on a draft of a stinging report the European Commission will issue Wednesday which could send shock waves through the US tech industry: unless the Obama administration changes the way it handles online data of European citizens, American companies like Google and Facebook will have to find another way to do business in the EU.

Given the importance of the Commission’s review of the 13-year-old “safe harbour” agreement with the US – which allows American firms to operate in Europe under US privacy rules because of an assumption that Washington treats the data similarly to European governments – and the fact we got our hands on it before its official release, we thought Brussels Blog readers might be interested in a bit more detail about the Commission’s findings. Read more